Fine-Grained Control-Flow Integrity through Binary Hardening
Author
Mathias Payer, Antonio Barresi, and Thomas R. Gross
Entry type
inproceedings
Abstract
Applications written in low-level languages without type or memory safety are prone to memory corruption. Attackers gain code execution capabilities through memory corruption despite all currently deployed defenses. Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations.
We present Lockdown, a modular, fine-grained CFI policy that protects binary-only applications and libraries without requiring source code. Lockdown adaptively discovers the control-flow graph of a running process based on the executed code. The sandbox component of Lockdown restricts interactions between different shared objects to imported and exported functions by enforcing fine-grained CFI checks using information from a trusted dynamic loader. A shadow stack enforces precise integrity for function returns. Our prototype implementation shows that Lockdown results in low performance overhead, and a security analysis discusses any remaining gadgets.
Date
2015-07-09
Booktitle
DIMVA'15: 12th Conference on Detection of Intrusions and Malware and Vulnerability Assessment
Key alpha
payer
Publication Date
2015-07-09